What is the severity of CVE-2013-2179?

CVE-2013-2179 is classified as a denial of service vulnerability due to a NULL pointer dereference.

How do I fix CVE-2013-2179?

To fix CVE-2013-2179, update to a version of X.Org xdm newer than 1.1.11.

What versions of X.Org xdm are affected by CVE-2013-2179?

CVE-2013-2179 affects X.Org xdm versions 1.1.10 and 1.1.11.

What can an attacker do with CVE-2013-2179?

An attacker can exploit CVE-2013-2179 to cause a denial of service by crashing the X.Org xdm process.

Is CVE-2013-2179 specific to any operating system?

CVE-2013-2179 is associated with any operating systems that utilize X.Org xdm versions 1.1.10 or 1.1.11.

Vulnerability/
CVE-2013-2179

medium

4.3

CWE

310 476

27/12/2013

6/8/2024

CVE-2013-2179: Null Pointer Dereference

First published: Fri Dec 27 2013(Updated: )

X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing authentication using certain implementations of the crypt API function that can return NULL, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by attempting to log into an account whose password field contains invalid characters, as demonstrated using the crypt function from glibc 2.17 and later with (1) the "!" character in the salt portion of a password field or (2) a password that has been encrypted using DES or MD5 in FIPS-140 mode.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
X X Display Manager	=1.1.10
X X Display Manager	=1.1.11

Remedy

http://cgit.freedesktop.org/xorg/app/xdm/commit/?id=8d1eb5c74413e4c9a21f689fc106949b121c0117

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-2179?
CVE-2013-2179 is classified as a denial of service vulnerability due to a NULL pointer dereference.
How do I fix CVE-2013-2179?
To fix CVE-2013-2179, update to a version of X.Org xdm newer than 1.1.11.
What versions of X.Org xdm are affected by CVE-2013-2179?
CVE-2013-2179 affects X.Org xdm versions 1.1.10 and 1.1.11.
What can an attacker do with CVE-2013-2179?
An attacker can exploit CVE-2013-2179 to cause a denial of service by crashing the X.Org xdm process.
Is CVE-2013-2179 specific to any operating system?
CVE-2013-2179 is associated with any operating systems that utilize X.Org xdm versions 1.1.10 or 1.1.11.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/remedy
agent/weakness
agent/author
agent/first-publish-date
agent/tags
agent/description
agent/event
agent/source
vendor/x
canonical/x x display manager
version/x x display manager/1.1.10
version/x x display manager/1.1.11

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.